Lucene search
K

438 matches found

suse
suse
added 2026/03/19 8:23 a.m.6 views

Security update for jq

This update for jq fixes the following issue: CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation bsc1248600. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...

4.8CVSS5.8AI score0.00194EPSS
Exploits1References4
nvd
nvd
added 2026/03/18 6:16 p.m.4 views

CVE-2026-23265

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...

5.5CVSS0.00112EPSS
Exploits0References3
talosblog
talosblog
added 2026/03/11 10:0 a.m.8 views

Spinning complex ideas into clear docs with Kri Dontje

Welcome back! This week, we're shining a spotlight on Kri Dontje, a technical writer who's become an essential voice in making Cisco Talos' work understandable for a wide audience. With a background in technical communications and a career that began at a small startup, Kri discusses the importan...

5.8AI score
Exploits0
nessus
nessus
added 2026/03/04 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005416)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005416 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject new basechain after table flag update When dormant flag is toggled,...

5.5CVSS5.9AI score0.00226EPSS
Exploits0References4
github
github
added 2026/03/03 10:54 p.m.10 views

OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback

Summary In [email protected], BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. A sender that was only DM-paired not explicitly present in groupAllowFrom could pass group sender check...

4.3CVSS5.9AI score0.00295EPSS
Exploits0References6Affected Software1
grafana
grafana
added 2026/02/25 12:0 a.m.13 views

Authorization bypass in Grafana datasource deletion

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS5.8AI score0.00175EPSS
Exploits0
github
github
added 2026/02/17 9:42 p.m.11 views

OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals

Summary A mismatch between rawCommand and command in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. Affected Configurations This only impacts deployments that: - Use the node host / companion node executi...

7.2CVSS5.8AI score0.0049EPSS
Exploits0References5Affected Software1
packetstormnews
packetstormnews
added 2026/02/04 12:0 a.m.6 views

Hallucination-Resistant Security Planning with a Large Language Model

Large language models LLMs are promising tools for supporting security management tasks, such as incident response planning. However, their unreliability and tendency to hallucinate remain significant challenges. In this paper, we address these challenges by introducing a principled framework for...

5.4AI score
Exploits0
snyk
snyk
added 2026/01/28 4:33 p.m.5 views

Malicious Package

Overview check-deps-ver-consistency is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
snyk
snyk
added 2026/01/28 4:33 p.m.6 views

Malicious Package

Overview check-dependency-ver-consistency is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
osv
osv
added 2026/01/14 3:16 p.m.5 views

UBUNTU-CVE-2025-71135

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt The variable mddev-private is first assigned to conf and then checked: conf = mddev-private; if !conf ... If conf is NULL, then mddev-private is also...

5.5CVSS5.7AI score0.0015EPSS
Exploits0References25
osv
osv
added 2026/01/13 4:16 p.m.6 views

UBUNTU-CVE-2025-71064

In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the numtqps in the vf driver to apply for resources Currently, hdev-htqp is allocated using hdev-numtqps, and kinfo-tqp is allocated using kinfo-numtqps. However, kinfo-numtqps is set to minnewtqps, hdev-numtqps;...

5.7AI score0.00173EPSS
Exploits0References38
redhatcve
redhatcve
added 2026/01/09 11:56 a.m.8 views

CVE-2018-4313

A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5...

5.5CVSS5.8AI score0.00348EPSS
Exploits0References1
redhat
redhat
added 2026/01/08 1:54 p.m.5 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3CVSS6.2AI score0.00353EPSS
Exploits0References9
packetstormnews
packetstormnews
added 2026/01/07 12:0 a.m.8 views

AutoVulnPHP: LLM-Powered Two-Stage PHP Vulnerability Detection and Automated Localization

PHP's dominance in web development is undermined by security challenges: static analysis lacks semantic depth, causing high false positives; dynamic analysis is computationally expensive; and automated vulnerability localization suffers from coarse granularity and imprecise context. Additionally,...

7.2AI score
Exploits0
osv
osv
added 2025/12/29 11:15 p.m.5 views

UBUNTU-CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

6.3CVSS6.5AI score0.0041EPSS
Exploits1References5
nvd
nvd
added 2025/12/24 1:16 p.m.7 views

CVE-2023-54077

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...

0.00175EPSS
Exploits0References5
mscve
mscve
added 2025/12/24 9:1 a.m.4 views

jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted

...

5.5CVSS5.4AI score0.0018EPSS
Exploits0
redhat
redhat
added 2025/12/22 4:40 p.m.8 views

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

4.3CVSS6.2AI score0.00353EPSS
Exploits0References9
osv
osv
added 2025/12/16 1:57 p.m.3 views

CVE-2025-68212 fs: Fix uninitialized 'offp' in statmount_string()

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized 'offp' in statmountstring In statmountstring, most flags assign an output offset pointer offp which is later updated with the string offset. However, the STATMOUNTMNTUIDMAP and STATMOUNTMNTGIDMAP cases...

6.3AI score0.00155EPSS
Exploits0References5
Rows per page
Query Builder